Package details: pkg:rpm/redhat/atomic-openshift@3.11.129-1.git.0.bd4f2d5?arch=el7
purl pkg:rpm/redhat/atomic-openshift@3.11.129-1.git.0.bd4f2d5?arch=el7
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-2r58-w5gn-x3bt
Aliases:
CVE-2019-10337
GHSA-g6h2-4x64-c59x
Improper Restriction of XML External Entity Reference
An XML external entities (XXE) vulnerability in Jenkins Token Macro Plugin allows attackers, who are able to control the content of the input file for the "XML" macro, to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks.
There are no reported fixed by versions.
VCID-35gz-1zjh-2qan
Aliases:
CVE-2019-1002100
GHSA-q4rr-64r9-fwgf
Kubernetes DoS Vulnerability
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server.
There are no reported fixed by versions.
VCID-jaj4-sv1x-z7bz
Aliases:
CVE-2019-3876
GHSA-jgwg-35hf-xqrr
Withdrawn Advisory: OpenShift OAuth Server XSS Vulnerability

## Withdrawn Advisory

This advisory has been withdrawn because the vulnerability does not affect a package in one of the GitHub Advisory Database's [supported ecosystems](https://github.com/github/advisory-database/blob/main/README.md#supported-ecosystems). This link is maintained to preserve external references.

## Original Description

A flaw was found in the `/oauth/token/request` custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwise prevented, a separate XSS vulnerability via JavaScript could further allow for the extraction of these tokens.

There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:20:52.474275+00:00 | RedHat Importer | Affected by | VCID-35gz-1zjh-2qan | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1002100.json | 38.0.0 |
| 2026-04-01T14:20:39.905174+00:00 | RedHat Importer | Affected by | VCID-jaj4-sv1x-z7bz | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3876.json | 38.0.0 |
| 2026-04-01T14:18:51.380555+00:00 | RedHat Importer | Affected by | VCID-2r58-w5gn-x3bt | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10337.json | 38.0.0 |